“Cryptojacking is a rising threat to cyber
and personal security,” said Mike Fey, president and COO,
Symantec. “The massive profit incentive puts people,
devices and organisations at risk of unauthorised coinminers
siphoning resources from their systems, further motivating
criminals to infiltrate everything from home PCs to giant
data centres.”

Symantec's ISTR provides a
comprehensive view of the threat landscape, including
insights into global threat activity, cyber criminal trends
and motivations for attackers. The report analyses data from
the Symantec Global Intelligence Network™, the largest
civilian threat collection network in the world which tracks
over 700,000 global adversaries, records events from 126.5
million attack sensors worldwide, and monitors threat
activities in over 157 countries and territories. Key
highlights include:

Cryptojacking Attacks
Explode by 8,500 PercentDuring the past year,
an astronomical rise in cryptocurrency values triggered a
cryptojacking gold rush with cyber criminals attempting to
cash in on a volatile market. Detections of coinminers on
endpoint computers increased by 8,500 percent in 2017.

With a low barrier of entry – only requiring a couple
lines of code to operate – cyber criminals are harnessing
stolen processing power and cloud CPU usage from consumers
and enterprises to mine cryptocurrency. Coinminers can slow
devices, overheat batteries, and in some cases, render
devices unusable. For enterprise organisations, coinminers
can put corporate networks at risk of shutdown and inflate
cloud CPU usage, adding cost.

“Now you could be
fighting for resources on your phone, computer or IoT device
as attackers use them for profit,” said Kevin Haley,
director, Symantec Security Response. “People need to
expand their defences or they will pay for the price for
someone else using their device.”

IoT devices
continue to be ripe targets for exploitation. Symantec found
a 600 percent increase in overall IoT attacks in 2017, which
means that cyber criminals could exploit the connected
nature of these devices to mine en masse. Macs are
not immune either with Symantec detecting an 80 percent
increase in coin mining attacks against Mac OS. By
leveraging browser-based attacks, criminals do not need to
download malware to a victim’s Mac or PC to carry out
cyber attacks.

Majority of Targeted
Attackers Use Single Method to Infect
VictimsThe number of targeted attack groups is
on the rise with Symantec now tracking 140 organised groups.
Last year, 71 percent of all targeted attacks started with
spear phishing – the oldest trick in the book – to
infect their victims. As targeted attack groups continue to
leverage tried and true tactics to infiltrate organisations,
the use of zero-day threats is falling out of favour. Only
27 percent of targeted attack groups have been known to use
zero-day vulnerabilities at any point in the past.

The security industry has long discussed what type of
destruction might be possible with cyber attacks. This
conversation has now moved beyond the theoretical, with one
in ten targeted attack groups using malware designed to
disrupt.

Implanted Malware Grows by 200
Percent, Compromising Software Supply
ChainSymantec identified a 200 percent increase
in attackers injecting malware implants into the software
supply chain in 2017. That’s equivalent to one attack
every month as compared to four attacks the previous year.
Hijacking software updates provides attackers with an entry
point for compromising well-guarded networks. The Petya
outbreak was the most notable example of a supply chain
attack. After using Ukrainian accounting software as the
point of entry, Petya used a variety of methods to spread
laterally across corporate networks to deploy its malicious
payload.

Mobile Malware Continues to
SurgeThreats in the mobile space continue to
grow year-over-year, including the number of new mobile
malware variants which increased by 54 percent. Symantec
blocked an average of 24,000 malicious mobile applications
each day last year. As older operating systems continue to
be in use, this problem is exacerbated. For example, with
the Android operating system, only 20 percent of devices are
running the newest version and only 2.3 percent are on the
latest minor release.

Mobile users also face privacy
risks from grayware apps that aren’t completely malicious
but can be troublesome. Symantec found that 63 percent of
grayware apps leak the device’s phone number. With
grayware increasing by 20 percent in 2017, this isn’t a
problem that’s going away.

Business-Savvy
Cyber Criminals Price Ransomware for ProfitIn
2016, the profitability of ransomware led to a crowded
market. In 2017, the market made a correction, lowering the
average ransom cost to US$522 and signaling that ransomware
has become a commodity. Many cyber criminals may have
shifted their focus to coin mining as an alternative to
cashing in while cryptocurrency values are high.
Additionally, while the number of ransomware families
decreased, the number of ransomware variants increased by 46
percent, indicating that criminal groups are innovating less
but are still very productive.

###

About the Internet Security Threat
ReportThe Internet Security Threat Report
provides an overview and analysis of the year in global
threat activity. The report is based on data from
Symantec’s Global Intelligence Network, which Symantec
analysts use to identify, analyse and provide commentary on
emerging trends in attacks, malicious code activity,
phishing and spam.

About
SymantecSymantec Corporation (NASDAQ: SYMC),
the world’s leading cyber security company, helps
organisations, governments and people secure their most
important data wherever it lives. Organisations across the
world look to Symantec for strategic, integrated solutions
to defend against sophisticated attacks across endpoints,
cloud and infrastructure. Likewise, a global community of
more than 50 million people and families rely on
Symantec’s Norton and LifeLock product suites to protect
their digital lives at home and across their devices.
Symantec operates one of the world’s largest civilian
cyber intelligence networks, allowing it to see and protect
against the most advanced threats. For additional
information, please visit www.symantec.com or connect with us on
Facebook, Twitter, andLinkedIn.

In response to the challenges facing Scoop and the media industry we’ve instituted an Ethical Paywall to keep the news freely available to the public.
People who use Scoop for work need to be licensed through a ScoopPro subscription under this model, they also get access to exclusive news tools.

Coalition Government signals how it will move toward its goal of a $20 p/h minimum wage by 2021... “Today we are announcing that the minimum wage will increase to $17.70 an hour on 1 April 2019." More>>

International credit rating agency Fitch says the Reserve Bank's proposals for increased bank capital adequacy ratios are "radical" and "highly conservative relative to international peers", but the result will ultimately be "significantly stronger buffers" against financial system shocks. More>>

Immigration Minister Iain Lees-Galloway announced yesterday that the Government is consulting on proposed changes to employer-assisted temporary work visa settings to ensure that work visas issued reflect genuine regional skill shortages. More>>